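* Copyright (C) 2005 James Grant
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation, version 2.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*/
?> query("SELECT (NOW()>'" . $config['dates']['regopen'] . "' AND NOW()<'" . $config['dates']['regclose'] . "') AS datecheck, NOW()<'" . $config['dates']['regopen'] . "' AS datecheckbefore, NOW()>'" . $config['dates']['regclose'] . "' AS datecheckafter");

/*
 * Participant registration entry page.
 *
 * Dispatches on the requested action:
 *   POST action=new      - open a registration that is still waiting for its number
 *   POST action=continue - log in to an existing registration
 *   GET  action=resend   - mail the registration number to the session e-mail
 *   GET  action=logout   - drop the login state from the session
 *   POST action=login    - decide whether this e-mail may log in or register
 * Anything else falls through to the e-mail prompt at the bottom.
 *
 * The beginning of the statement above (everything before "query(") is missing
 * from this listing and is left as found.
 * NOTE(review): that query builds its SQL by concatenating $config['dates']
 * values; where they are set is not visible here - bind them as parameters if
 * they can be edited through the application.
 *
 * NOTE(review): an e-mail address plus a six-digit registration number is the
 * only credential checked on this page, and no attempt limiting is visible
 * here - confirm throttling exists elsewhere.
 */

// One row: datecheck is 1 inside the registration window, datecheckbefore /
// datecheckafter say on which side of the window "now" falls otherwise.
$datecheck = $q->fetch(PDO::FETCH_OBJ);

if (get_value_from_array($_POST, 'action') == 'new') {
    // The session e-mail and the posted number must match a registration of the current fair year.
    // NOTE(review): the lookup does not filter on status, so repeating this request
    // inserts another students row - confirm whether that is intended.
    $q = $pdo->prepare('SELECT email,num,id,schools_id FROM registrations WHERE email=? AND num=? AND year=?');
    $q->execute([$_SESSION['email'], $_POST['regnum'], $config['FAIRYEAR']]);
    if ($q->rowCount()) {
        $r = $q->fetch(PDO::FETCH_OBJ);

        // Rotate the session id at login so an id planted before authentication
        // is not carried into the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['registration_number'] = $r->num;
        $_SESSION['registration_id'] = $r->id;
        $r->schools_id = $r->schools_id ?? 0;

        $stmt = $pdo->prepare('INSERT INTO students (registrations_id,email,schools_id,year) VALUES (?,?,?,?)');
        $stmt->execute([$r->id, $_SESSION['email'], $r->schools_id, $config['FAIRYEAR']]);
        $stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id=?");
        $stmt->execute([$r->id]);

        header('Location: register_participants_main.php');
        exit;
    } else {
        send_header('Participant Registration');
        // NOTE(review): the posted number and the e-mail are handed to i18n()/error();
        // whether those helpers HTML-escape their arguments is not visible here - confirm.
        echo error(i18n('Invalid registration number (%1) for email address %2', array($_POST['regnum'], $_SESSION['email']), array('registration number', 'email address')));
        $_POST['action'] = 'login';
    }
} else if (get_value_from_array($_POST, 'action') == 'continue') {
    if (get_value_from_array($_POST, 'email')) {
        $_SESSION['email'] = stripslashes($_POST['email']);
    }

    $q = $pdo->prepare('SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations JOIN students ON students.registrations_id = registrations.id WHERE students.email = ? AND registrations.num = ? AND registrations.year = ? AND students.year = ?');
    $q->execute([
        $_SESSION['email'],
        intval($_POST['regnum']),
        $config['FAIRYEAR'],
        $config['FAIRYEAR'],
    ]);
    if ($q->rowCount()) {
        $r = $q->fetch(PDO::FETCH_OBJ);

        // Same session-id rotation as for a new registration.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['registration_number'] = $r->regnum;
        $_SESSION['registration_id'] = $r->regid;
        $_SESSION['students_id'] = $r->studentid;

        header('Location: register_participants_main.php');
        exit;
    } else {
        send_header('Participant Registration');
        // NOTE(review): same escaping question as in the 'new' branch.
        echo error(i18n('Invalid registration number (%1) for email address %2', array($_POST['regnum'], $_SESSION['email']), array('registration number', 'email address')));
        $_POST['action'] = 'login';
    }
} else if (get_value_from_array($_GET, 'action') == 'resend' && get_value_from_array($_SESSION, 'email')) {
    // NOTE(review): this runs on a plain GET and sends mail on every request;
    // no request token or throttle is visible on this page.

    // first see if the email matches directly from the registrations table
    $q = $pdo->prepare('SELECT registrations.num FROM registrations WHERE registrations.email=? 
AND registrations.year=?');
    $q->execute([$_SESSION['email'], $config['FAIRYEAR']]);
    if ($q->rowCount()) {
        $r = $q->fetch(PDO::FETCH_OBJ);
    } else {
        // no match from registrations, so see whether it matches from the students table
        $q = $pdo->prepare('SELECT registrations.num FROM registrations, students WHERE students.email=? AND students.registrations_id=registrations.id AND registrations.year=?');
        $q->execute([$_SESSION['email'], $config['FAIRYEAR']]);
        $r = $q->fetch(PDO::FETCH_OBJ);
    }

    if ($r) {
        email_send('register_participants_resend_regnum', $_SESSION['email'], array(), array('REGNUM' => $r->num));
        send_header('Participant Registration');
        echo notice(i18n('Your registration number has been resent to your email address %1', array($_SESSION['email']), array('email address')));
    } else {
        send_header('Participant Registration');
        echo error(i18n('Could not find a registration for your email address'));
    }
} else if (get_value_from_array($_GET, 'action') == 'logout') {
    unset($_SESSION['email']);
    unset($_SESSION['registration_number']);
    unset($_SESSION['registration_id']);
    // The 'continue' login also stores students_id; clear it so it does not outlive the logout.
    unset($_SESSION['students_id']);
    send_header('Participant Registration');
    echo notice(i18n('You have been successfully logged out'));
}

// if they have already logged in and somehow wound back up here, take them back to where they should be
if (get_value_from_array($_SESSION, 'registration_number') && get_value_from_array($_SESSION, 'registration_id') && get_value_from_array($_SESSION, 'email')) {
    header('Location: register_participants_main.php');
    exit;
}

send_header('Participant Registration');

if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($_POST, 'email') || get_value_from_array($_SESSION, 'email'))) {
    if (get_value_from_array($_POST, 'email')) {
        $_SESSION['email'] = stripslashes($_POST['email']);
    }
    echo '
';
    $allownew = true;
    $showform = true;

    // first, check if they have any registrations waiting to be opened
    $q = $pdo->prepare("SELECT * FROM `registrations` WHERE `email` = :email AND `status` = 'new' AND `year` = :year");
    $q->bindParam(':email', $_SESSION['email'], PDO::PARAM_STR);
    $q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
    $q->execute();
    if ($q->rowCount() > 0) {
        echo i18n('Please enter your registration number that you received in your email, in order to begin your new registration');
        echo '';
        $allownew = false;
    } else {
        // check if they have an already open registration
        $q = $pdo->prepare("SELECT students.email, registrations.status, registrations.id FROM students, registrations WHERE students.email = :email AND students.year = :year AND registrations.year = :year AND registrations.status IN ('open', 'paymentpending', 'complete') AND students.registrations_id = registrations.id");
        $q->bindParam(':email', $_SESSION['email'], PDO::PARAM_STR);
        $q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
        $q->execute();
        if ($q->rowCount() > 0) {
            $r = $q->fetch(PDO::FETCH_OBJ);
            // print_r($r);
            echo i18n('Please enter your registration number in order to login');
            echo '';
            $allownew = false;
            echo '
';
        } else {
            // they don't have a 'new' and they don't have an 'open/paymentpending/complete' registration,
            // so they want to create a new one... BUT the registration type decides whether they may.
            if ($config['participant_registration_type'] == 'invite') {
                $allownew = false;
                $showform = false;
                echo i18n('Participant registration is by invite only. You can not create a new account. If you have been invited by your school/region, you need to use the same email address that you were invited with.');
                echo '
';
                echo '
';
                echo 'Back to Participant Registration';
            } else if ($config['participant_registration_type'] == 'singlepassword') {
                $showsinglepasswordform = true;
                if (get_value_from_array($_POST, 'singlepassword')) {
                    // Compare as strings in constant time: a loose == lets numeric-looking
                    // strings match each other and leaks timing.
                    $submittedPassword = $_POST['singlepassword'];
                    $expectedPassword = (string) $config['participant_registration_singlepassword'];
                    if (is_string($submittedPassword) && hash_equals($expectedPassword, $submittedPassword)) {
                        $allownew = true;
                        $showform = true;
                        $showsinglepasswordform = false;
                    } else {
                        echo error(i18n('Invalid registration password, please try again'));
                        $allownew = false;
                        $showform = false;
                    }
                }
                if ($showsinglepasswordform) {
                    echo i18n('Participant registration is protected by a password. You must know the registration password in order to create an account.');
                    echo '
';
                    echo '
';
                    echo '';
                    // The e-mail has not been validated at this point, so escape it for HTML output.
                    echo i18n('Email Address:') . ' ' . htmlspecialchars($_SESSION['email'], ENT_QUOTES | ENT_SUBSTITUTE) . '
';
                    echo i18n('Registration Password:');
                    echo '';
                    echo '
';
                    echo '
';
                    echo '';
                    echo '
';
                    $allownew = false;
                    $showform = false;
                }
            } else if ($config['participant_registration_type'] == 'schoolpassword') {
                $showschoolpasswordform = true;
                // Read both fields without touching missing keys, and accept plain strings only.
                $schoolPasswordInput = $_POST['schoolpassword'] ?? '';
                $schoolIdInput = $_POST['schoolid'] ?? '';
                if (is_string($schoolPasswordInput) && is_string($schoolIdInput) && $schoolPasswordInput && $schoolIdInput) {
                    $q = $pdo->prepare('SELECT registration_password FROM schools WHERE id=? AND year=?');
                    $q->execute([$schoolIdInput, $config['FAIRYEAR']]);
                    $r = $q->fetch(PDO::FETCH_OBJ);
                    // fetch() yields false for an unknown school; treat that, and an empty
                    // stored password, as "no match".
                    // NOTE(review): the stored value is compared directly with the posted one,
                    // so it appears to be kept in clear text - confirm.
                    $storedPassword = $r ? (string) ($r->registration_password ?? '') : '';
                    if ($storedPassword !== '' && hash_equals($storedPassword, $schoolPasswordInput)) {
                        $allownew = true;
                        $showform = true;
                        $showschoolpasswordform = false;
                        // Keep the bare id: the INSERT below binds it as a parameter, so the
                        // SQL-quoted form used previously would be stored as literal text.
                        $schoolidquery = intval($schoolIdInput);
                    } else {
                        echo error(i18n('Invalid school registration password, please try again'));
                        $allownew = false;
                        $showform = false;
                    }
                }
                if ($showschoolpasswordform) {
                    echo i18n('Participant registration is protected by a password for each school. You must know your school registration password in order to create an account.');
                    echo '
';
                    echo '
';
                    echo '';
                    // Unvalidated e-mail again: escape before echoing.
                    echo i18n('Email Address:') . ' ' . htmlspecialchars($_SESSION['email'], ENT_QUOTES | ENT_SUBSTITUTE) . '
';
                    echo i18n('School: ');
                    $q = $pdo->prepare('SELECT id,school FROM schools WHERE year=? ORDER BY school');
                    $q->execute([$config['FAIRYEAR']]);
                    echo '';
                    echo '
';
                    echo i18n('School Registration Password: ');
                    echo '';
                    echo '
';
                    echo '
';
                    echo '';
                    echo '';
                    $allownew = false;
                    $showform = false;
                }
            } else if ($config['participant_registration_type'] == 'open') {
                // that's fine, continue on and create the account.
            } else if ($config['participant_registration_type'] == 'openorinvite') {
                // that's fine too, continue on and create the account.
            } else {
                echo error(i18n('There is an error with the SFIAB configuration. participant_registration_type is not defined. Contact the fair organizers to get this fixed.'));
                $allownew = false;
                $showform = false;
            }
        }
    }

    if ($allownew) {
        if ($datecheck->datecheck == 0) {
            if ($datecheck->datecheckbefore) {
                echo error(i18n('Registration is not open yet. You can not create a new account'));
            } else if ($datecheck->datecheckafter) {
                echo error(i18n('Registration is now closed. You can not create a new account'));
            }
            $showform = false;
            echo 'Back to Participant Registration Login Page';
        } else {
            // a new registration needs a valid e-mail address, so check its format first
            if (isEmailAddress($_SESSION['email'])) {
                $regnum = 0;
                // create the new registration record and assign it a random, unique registration number
                do {
                    // Six-digit number (100000..999999). It doubles as the login secret,
                    // so draw it from the CSPRNG instead of rand().
                    $regnum = random_int(100000, 999999);
                    $q = $pdo->prepare('SELECT * FROM registrations WHERE num=? AND year=?');
                    $q->execute([$regnum, $config['FAIRYEAR']]);
                } while ($q->rowCount() > 0);

                // No school chosen: bind SQL NULL rather than the text 'null'.
                // NOTE(review): assumes registrations.schools_id is nullable - confirm against the schema.
                $schoolidquery = empty($schoolidquery) ? null : $schoolidquery;

                // actually insert it
                $stmt = $pdo->prepare("INSERT INTO registrations (num, email, start, status, schools_id, year) \t\t\t\t\t\t\t\t\tVALUES (?, ?, NOW(), ?, ?, ?)");
                $stmt->execute([
                    $regnum,
                    $_SESSION['email'],
                    'new',
                    $schoolidquery,
                    $config['FAIRYEAR'],
                ]);
                email_send('new_participant', $_SESSION['email'], array(), array('REGNUM' => $regnum, 'EMAIL' => $_SESSION['email']));
                echo i18n('You have been identified as a new registrant. An email has been sent to %1 which contains your new registration number. 
Please check your email to obtain your registration number and then enter it below:', array($_SESSION['email']), array('email address'));
                echo '';
            } else {
                // NOTE(review): the rejected address is passed to i18n()/error(); confirm those helpers escape it.
                echo error(i18n('The email address you entered (%1) appears to be invalid. You must use a proper email address in order to create an account', array($_SESSION['email'])));
                echo '' . i18n('Return to participant registration') . '';
                $showform = false;
            }
        }
    }

    if ($showform) {
        echo '
';
        echo '
';
        echo i18n('Registration Number:');
        echo '';
        echo '
';
        echo '
';
        echo '';
        echo '';
        echo '
';
        echo i18n('If you have lost or forgotten your registration number, please click here to resend it to your email address');
    }
} else {
    // Check the date - if we are AFTER 'regopen' and BEFORE 'regclose' then logins are allowed,
    // otherwise registration is closed - no new logins.
    // datecheck is 1 if we are between the dates, 0 otherwise.
    if ($datecheck->datecheck == 0) {
        if ($datecheck->datecheckbefore) {
            echo notice(i18n('Registration for the %1 %2 is not open yet. Registration will open on %3.', array($config['FAIRYEAR'], $config['fairname'], format_datetime($config['dates']['regopen'])), array('fair year', 'fair name', 'registration open date')));
        } else if ($datecheck->datecheckafter) {
            echo notice(i18n('Registration for the %1 %2 is now closed. Existing registrants can login and view (read only) their information, as well as apply for special awards (if applicable).', array($config['FAIRYEAR'], $config['fairname']), array('fair year', 'fair name')));
            echo i18n('Please enter your email address to login');
        }
        echo '
';
        echo '
';
        $buttontext = i18n('Login');
    } else {
        if ($config['participant_registration_type'] == 'invite') {
            echo i18n('Registration is by invitation only. As soon as you are invited by your school or the science fair committee, you will receive a welcoming email with your Registration Number');
            echo '
';
            echo '
';
            echo i18n('Please enter your email address to:');
            echo '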